Proxy server - Deploying an Nginx reverse proxy with Docker
Author | WenasWei
1 What is a proxy server
A proxy server obtains network information on behalf of network users. Figuratively speaking, it is a transfer station for network information: an intermediary between an individual network and the Internet service provider that forwards legitimate network traffic and controls and logs what it forwards.
As a bridge between the Internet and an intranet, a proxy server plays an extremely important role in practice and serves several purposes. Its most basic function is connectivity; it also provides security, caching, content filtering, access control management and other functions. More importantly, proxying is an important security function provided by Internet circuit-level gateways, and it works mainly at the session layer of the Open Systems Interconnection (OSI) model.
With a proxy server, a client sends its request to the proxy server first rather than directly to the destination host. The proxy server forwards the request to the destination host, receives the data the host returns, stores it on the proxy server's hard disk, and then sends it to the client.
2 Main functions of the proxy server
The proxy server provides the following functions:
- Cache function: reduces cost and improves access speed
- Firewall function: monitors and filters Internet information entering the intranet
- Accessing otherwise inaccessible target sites through a proxy server
- Letting multiple users share one IP address or Internet account at the same time
- Managing user permissions and traffic accounting for intranet users
2.1 Cache Function
Caching reduces bandwidth costs and improves access speed. Because the data returned by the target host is stored on the proxy server's hard disk, the next time a client requests the same site data it can be read directly from the proxy server's disk. This caching matters most for popular sites, where it can significantly speed up requests.
2.2 Firewall Functions
Because every client request must pass through the proxy server to reach the remote site, restrictions can be placed on the proxy server to filter out unsafe information.
To avoid wasting communication costs on non-business information entering the internal network, organizations often have rules on what may be accessed. Through the proxy server, a network administrator can not only filter the content that enters the internal network from the Internet, but also monitor users' Internet access in real time and keep an inspection log archive for future reference.
2.3 Accessing inaccessible sites using a proxy Server
There are many open proxy servers on the Internet; when access is restricted, a client can reach the target site through an unrestricted proxy server. Generally speaking, it is the browser that is configured to use the proxy server, which lets the user reach the external network even without a direct connection to it.
2.4 One IP address or Internet account can be used by multiple users
IPv4 uses 32-bit (4-byte) addresses, so there are only 4,294,967,296 (2^32) addresses in the address space. IANA's primary address pool was exhausted on February 3, 2011, after the last five address blocks were assigned to the five Regional Internet Registries.
IP addresses are therefore a limited and precious Internet resource, and dedicating each one to a single user who wants Internet access can only be called a waste. A proxy server lets multiple users share Internet access through a single IP address at the same time. For an internal network connected to the Internet over telephone dial-up, one telephone line, one modem and one Internet account are enough: all users on the intranet can access the Internet at the same time, making full use of the IP address.
2.5 Managing user permissions and information traffic accounting for Intranet users
To avoid wasting communication costs on non-business information entering the internal network, organizations often have rules on what may be accessed. Through the proxy server, a network administrator can not only filter the content that enters the internal network from the Internet, but also monitor users' Internet access in real time and keep an inspection log archive for future reference.
3 Forward proxy and reverse proxy
3.1 Forward Proxy
A forward proxy sits between the client and the target host and only proxies connection requests from the internal network to the Internet. The client must specify the proxy server and send to it the HTTP requests that would otherwise go directly to the Web server.
Forward proxy uses:
- (1) Accessing previously inaccessible resources, such as Google
- (2) Caching to speed up resource access
- (3) Authorizing client access and authenticating Internet access
- (4) Recording user access (online behavior management) and hiding user information from the outside
3.2 Reverse Proxy
A reverse proxy server is set up on the server side. It relieves the servers' workload by buffering frequently requested pages, and it forwards client requests to the target server on the internal network, returning the server's result to the client on the Internet that requested the connection. The proxy server and the target host then appear to the outside as a single server.
Reverse proxy functions:
- (1) Intranet security and protection against Web attacks: large websites usually use the reverse proxy as the public network access address, while the Web servers stay on the intranet
- (2) Load balancing: the reverse proxy server is used to optimize the load of the website
Many large Web sites now use a reverse proxy. Besides protecting internal servers from malicious attacks from the external network, caching to reduce pressure on the servers, and enforcing access security control, it can also perform load balancing and distribute user requests across multiple servers.
3.3 Differences between forward and reverse Proxies
A forward proxy acts on behalf of the client: the server does not know which client actually initiated the request. An example is a scalper who buys tickets.
A reverse proxy acts on behalf of the server: the client does not know which server actually provides the service. An example is a rental agent.
With a forward proxy, the proxy and the client belong to the same LAN and are transparent to the server.
With a reverse proxy, the proxy and the server belong to the same LAN and are transparent to the client.
4 Extension: deploying Nginx as a reverse proxy for Tomcat with Docker
Requirements
- Two Tomcat services sit behind an Nginx reverse proxy
- Nginx server: 100.100.100.100:80
- Tomcat1 Server: 100.100.100.100:9090
- Tomcat2 Server: 100.100.100.100:9091
4.1 Starting the Tomcat Container
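Start two Tomcat containers with host ports 9090 and 9091 mapped. /usr/local/docker/tomcat/docker-compose.yml is as follows:
    version: '3'
    services:
      tomcat1:
        image: tomcat
        container_name: tomcat1
        ports:
          # host port 9090 -> container port 8080 (published on all host interfaces)
          - "9090:8080"
        volumes:
          # ./html on the host is served as Tomcat's ROOT web application
          - ./html:/usr/local/tomcat/webapps/ROOT
      tomcat2:
        image: tomcat
        container_name: tomcat2
        ports:
          # host port 9091 -> container port 8080 (published on all host interfaces)
          - "9091:8080"
        volumes:
          - ./html2:/usr/local/tomcat/webapps/ROOT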
Create directories and files
In the /usr/local/docker/tomcat/ directory, create two directories, html and html2, and create an index.html file in each with different content so the two can be told apart:
# test 80 or # test 8080
4.2 Starting the Nginx container
- Start the Nginx container with port 80 mapped. /usr/local/docker/nginx/docker-compose.yml is as follows:
    version: '3.1'
    services:
      nginx:
        restart: always
        image: nginx
        container_name: nginx
        ports:
          - "80:80"
        volumes:
          - ./conf/nginx.conf:/etc/nginx/nginx.conf
- Nginx configuration file for the data volume. In /usr/local/docker/nginx/, create a conf directory and, inside it, an nginx.conf file with the following contents:
    user nginx;
    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;
        # upstream groups (defined here, but the proxy_pass directives below
        # address the backends directly by IP and port)
        upstream tomcatServer1 {
            server www.weishengqin.cn:9090;
        }
        upstream tomcatServer2 {
            server www.weishengqin.cn:9091;
        }
        # configure a virtual host
        server {
            listen 80;
            # requests under /test1 go to Tomcat1
            location /test1 {
                proxy_pass http://100.100.100.100:9090/;
                proxy_connect_timeout 10s;
            }
            # requests under /test2 go to Tomcat2
            location /test2 {
                proxy_pass http://100.100.100.100:9091/;
                proxy_connect_timeout 10s;
            }
        }
    }
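The setup above publishes both Tomcat ports (9090 and 9091) on the host, so clients can reach the backends without passing through Nginx, whereas section 3.2 describes the reverse proxy as the public address with the Web servers kept on the intranet. As an added example (not the author's files), the following single Compose file publishes only port 80 and lets Nginx reach Tomcat over an internal Docker network; the network name backend, the inline configs block (Docker Compose v2.23.1 or later) and the single-file layout next to ./html and ./html2 are assumptions.

```yaml
# Added example, not the author's files. Assumes Docker Compose v2.23.1+
# (inline configs.content) and that this file sits next to ./html and ./html2.
services:
  nginx:
    image: nginx
    container_name: nginx
    restart: always
    ports:
      - "80:80"                      # the only port published on the host
    configs:
      - source: nginx_conf
        target: /etc/nginx/nginx.conf
    networks: [backend]
    depends_on: [tomcat1, tomcat2]   # backend names must resolve when nginx starts
  tomcat1:
    image: tomcat
    container_name: tomcat1
    # no "ports:" entry, so 8080 is not published on the host
    volumes:
      - ./html:/usr/local/tomcat/webapps/ROOT:ro
    networks: [backend]
  tomcat2:
    image: tomcat
    container_name: tomcat2
    volumes:
      - ./html2:/usr/local/tomcat/webapps/ROOT:ro
    networks: [backend]
networks:
  backend: {}    # hypothetical name; user-defined network shared by the three containers
configs:
  nginx_conf:
    content: |
      user nginx;
      worker_processes 1;
      events { worker_connections 1024; }
      http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;
        server {
          listen 80;
          # Compose service names resolve on the backend network
          location /test1 { proxy_pass http://tomcat1:8080/; proxy_connect_timeout 10s; }
          location /test2 { proxy_pass http://tomcat2:8080/; proxy_connect_timeout 10s; }
        }
      }
```

After `docker compose up -d`, requests to port 80 under /test1 and /test2 are served through Nginx, while ports 9090 and 9091 on the host no longer accept connections.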